Messaging Apps: Exposing FBI’s Legal Access To Their Contents
People trust that messaging apps will always keep their communication private. However, law enforcement agencies as big as the FBI sometimes need to access private information from messaging apps for crime investigations. The law allows them to do it.
Author:Hajra ShannonReviewer:Paula M. GrahamDec 17, 202159 Shares59.3K Views
When it comes to messaging apps, people are confident that their communication with anyone shall remain private forever no matter what.
Then came along the Federal Bureau of Investigation (FBI), which, through established U.S. laws, has been granted the power to access so much private information.
It took an effort by a Washington-based nonprofit organization for the public to know about it.
Property of the People upholds that government records are public property as it aims for “governmental transparency.”
It recently uncovered how much information the FBI can get from messaging apps.
TOP 7 most secure messaging apps ✅ Stop giving your info out
The Unclassified FBI Document
Property of the People received the FBI document through a Freedom of Information Actrequest, according to online cybersecurity resource The Record.
The said organization published it (the document appears like an infographic) on its website on November 19, 2021. It also tweeted that it shared the document with Rolling Stone’s Washington, D.C., Bureau Chief Andy Kroll.
Titled “Lawful Access” (subheading: “FBI’s Ability to Legally Access Secure Messaging App Content and Metadata”) and dated January 7, 2021, the one-page document bears the protective markings (U//FOUO) and (U//LES). They mean “Unclassified//For Official Use Only” and “Unclassified//Law Enforcement Sensitive,” respectively.
Prepared by the FBI’s Science and Technology Branch and Operational Technology Division, it contains information regarding the bureau’s “lawful access” to certain information managed, kept, and safeguarded by nine mobile/messaging applications.
Moreover, according to the document, the FBI was authorized “to legally access” such information from the listed messaging apps as of November 2020.
Spill The Beans – The Document’s Basic Content
Alphabetically listed in the FBI document, below are the nine mobile apps or messaging apps and the pertinent details that, per existing U.S. laws, the FBI has been authorized to access.
Under “Information Accessed,” the FBI can access the following specific information:
(1) subscriber’s data
(2) message sender receiver data
(3) device backup
(4) IP address
(5) encryption key(s)
(6) date/time information
(7) registration time data
(8) user’s contacts
Note, however, that the companies behind the message apps mentioned in the document don’t give the FBI access to all the above-mentioned information.
Under “Legal Process,” the following are required before the FBI can proceed with a particular action/request:
(1) court order/subpoena
(2) search warrant
(3) preservation letter
The FBI can also operate under “U.S. Code Title 18. Crimes and Criminal Procedure § 2703” or “18 USC §2703(d),” which has the title: “Required disclosure of customer communications or records.”
In addition, the FBI can use a pen register, aka dialed number recorder (DNR), which is “an electronic device that records all numbers called from a particular telephone line,” according to Wikipedia.
Information regarding the country of origin was supplied by the author of this article.
App: iMessage(U.S. company)
Information Accessed: all except for the IP address (refer to the enumerated information above)
Legal Process: access to basic subscriber’s record (subpoena); access to 25 days’ worth of iMessage lookups “and from a target number” [per “18 USC §2703(d)”]; access to device backup and, if applicable, to encryption keys of the iCloud backup of the device (search warrant)
Additional Details: access to message content is allowed but limited only
App: LINE(South Korea)
Information Accessed: 1, 2, 6, 7, 8
Additional Details: access to message content is limited only; seven days’ worth (the maximum) of text chat
App: Signal(U.S.)
Information Accessed: 6 and 7
Additional Details: access to message content not allowed
App: Telegram(Russia)
Information Accessed: 7
Additional Details: access to message content not allowed; in the case of “confirmed terrorist investigations,” Telegram “may disclose IP address and phone number to relevant authorities,” per its own Privacy Statement
App: Threema(Switzerland)
Information Accessed: 1, 5, 6, 7
Additional Details: access to message content not allowed
App: Viber(Japan)
Information Accessed: 1, 4, 5, 6, 7
Additional Details: access to message content not allowed
App: WeChat(China)
Information Accessed: 1, 4, 7
Legal Process: preservations letter; subpoena (note: applies only to accounts created outside China)
Additional Details: access to message content not allowed
App: WhatsApp(U.S.)
Information Accessed: 1, 2, 5, 6, 7
Legal Process: access to basic subscriber’s record (subpoena); information about blocked users (court order); “address book contacts and WhatsApp users who have the target in their address book contacts” (search warrant); each message (source and destination) sent every 15 minutes (pen register)
Additional Details: access to message content is allowed but limited only
App: Wickr(U.S.)
Information Accessed: 1, 6, 7
Additional Details: access to message content not allowed
Data Privacy Messaging Apps
Among the nine messaging apps whose content and metadata can be scrutinized by the FBI, only Telegram gives one specific information (registration time data) from its users.
Next is Signal with only two (date/time information and registration time data).
WeChat and Wickr only give three (subscriber’s data and registration time data), with WeChat permitting access to information concerning IP address and Wickr, date/time information.
Apple’s iMessageand Meta’s (formerly Facebook) WhatsApp are the only two (perhaps because they’re American companies?) from which so much information can be obtained by the FBI, via legal means, of course.
Aside from Threema and Viber, iMessage and WhatsApp can give encryption key(s) to the FBI.
When Rolling Stone sought WhatsApp for comments, a spokeswoman said that they “carefully review, validate, and respond to law-enforcement requests based on applicable law.”
WhatsApp can provide information to the FBI and other law enforcement agencies about the people whom the app user communicated with, the time the communication happened, and other WhatsApp users included in the original user’s address book.
What’s alarming about this, noted Rolling Stone, is that journalists use messaging apps such as WhatsApp for work. From time to time, they cover delicate and complex stories; thus, the need to contact people, who need to remain anonymous for security reasons.
Rolling Stone mentioned the case of Natalie Edwards, who received a 6-month prison sentence in 2020 after authorities got access (legally, of course) to her WhatsApp messages.
Edwards was a senior adviser at the Financial Crimes Enforcement Network (FinCEN) of the U.S. Treasury Department, who supplied sensitive information to a BuzzFeed News reporter.
Most Secure Messaging App 2021
Except for Telegram and WeChat, all of them – iMessage, LINE, Signal, Threema, Viber, WhatsApp – are encrypted messaging apps. Meaning, they use end-to-end encryption (E2EE).
E2EE is a way to secure communication between a sender and a recipient, where no other parties can access such communication.
When it comes to encrypted messaging apps, Heimdal Security, an award-winning cybersecurityprovider in Copenhagen, named 15 as being “the most secure” in a July 2021 blog post.
Here’s the list’s Top 5:
(1) Signal
(2) iMessage
(3) WhatsApp
(4) Viber
(5) Threema
Part of the Top 10:
(6) LINE
(7) Telegram
(8) KakaoTalk
(9) Dust
(10) Wickr
Part of the Top 15:
(11) CoverMe
(12) Silence
(13) Pryvate Now
(14) SureSpot
(15) Wire
Below are also the top five picks of three reputable online tech resources.
TechRadar (for Android only):
(1) Signal
(2) WhatsApp
(3) Telegram
(4) Threema
(5) Silence
Tom’s Guide:
(1) Signal
(2) Threema
(3) WhatsApp
(4) Telegram
(5) Silent Phone
ZDNet:
(1) Samsung and Google Messages
(2) Signal
(3) Apple Messages
(4) Whatsapp
(5) Facebook Messenger
Which Texting App Is Most Secure?
Based from the top choices by Heimdal Security, TechRadar, Tom’s Guide, and ZDNet, Signal is the most secure textingor messaging app.
On its website, software developer AVG said that “security experts and government organizations worldwide” agree, too.
Signal protocol handles the E2EE of Signal. When it comes to mobile encryption, AVG attested that Signal protocol is “the gold standard.”
Aside from password security and PIN access, another security feature of Signal is “disappearing messages,” according to AVG. Users can make the messages they send and receive to disappear “after a certain period of time.”
It comes for free, too (Linux, macOS, Windows; Android, iOS).
Conclusion
Investigating crimesis part of the job of law enforcement, and nowadays mobile apps are used in crime operations and illegal transactions.
As companies are compelled by the law to cooperate, for example, with the FBI, by giving access to supposedly private information, they should become more transparent with it. They should update their privacy statements and make them clearer and easier to understand for their clients.
It's now up to users to read carefully the privacy statement of these messaging apps to know how much of their privacy is at stake.
Hajra Shannon
Author
Paula M. Graham
Reviewer
Latest Articles
Popular Articles